From 189dcb1002ef6582cfc8074c09cb6e47d6034dd8 Mon Sep 17 00:00:00 2001 From: Jacob Walls Date: Fri, 5 Dec 2025 15:32:56 -0500 Subject: [6.0.x] Fixed #36778 -- Extended advice to sanitize input before using in query expressions. Thanks Clifford Gama and Simon Charette for reviews. Backport of 334308efae8e0c7b1523d5583af32b674a098eba from main. --- docs/ref/models/database-functions.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs/ref/models/database-functions.txt') diff --git a/docs/ref/models/database-functions.txt b/docs/ref/models/database-functions.txt index 00c94f0350..3692a4ada5 100644 --- a/docs/ref/models/database-functions.txt +++ b/docs/ref/models/database-functions.txt @@ -9,7 +9,8 @@ The classes documented below provide a way for users to use functions provided by the underlying database as annotations, aggregations, or filters in Django. Functions are also :doc:`expressions `, so they can be used and combined with other expressions like :ref:`aggregate functions -`. +`. See the :class:`~django.db.models.Func` documentation +for security considerations. We'll be using the following model in examples of each function:: -- cgit v1.3
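Review bot: The added sentence in the docs/ref/models/database-functions.txt hunk, "See the :class:`~django.db.models.Func` documentation for security considerations.", does not say what the concern is, although the commit subject is specific: sanitize input before using it in query expressions. A reader skimming this introduction gets no cue that the pointer is about untrusted input reaching a database function. Consider naming the concern in the sentence itself, for example "for security considerations when using untrusted input in function expressions". If the Func documentation carries a labelled warning, a :ref: to that label would land the reader on the advice directly rather than at the top of the class entry.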